Reply

WPA3 issues

theBrick89
Star

WPA3 issues

I just repalced my RBK52 to RBK852 and so far everything works great except major WPA3 hiccup

I thought WPA3 supposed to be a backward compatible but some devices cannot connect the network if I set it up as WPA3 Personal.

also weirdly enough, my iPhone 11 Pro and iMac sometimes disconnects from the network and cannot reconnect back onto it.

 

I had to roll it back to WPA2 Personal and having no issue with it. 

Message 1 of 33
FURRYe38
Guru

Re: WPA3 issues

WPA is not backwards compatible from what I understand. WPA3 is it's own new standard and any client device you have needs to be upgraded to also support WPA3. I know that Apples iOS 13 preview supports it. I believe newer Android OS supports it as well. 

 

Hopefully NG will come out with a mixed WPA2 and WPA3 mode that would be supporting of both modes for those devices that don't get upgraded to WPA3. 

My Setup (Cable 1Gbps/50Mbps)>CAX80 v2.1.2.1(LAG Disabled)> RBK953(v6.0.3.68) & XR450(v130)
Additional NG HW: C7800/CM1100/CM1200CM2000, Orbi CBK40, CBR750, RBK853 v4.6.3.16(AP) & RBK752 v4.6.5.14, RBK50(v22), SXR30(v110), R7000(v34), R7800(v84), R7960P(v82), EX7500/EX7700, and WNHDE111
Message 2 of 33
theBrick89
Star

Re: WPA3 issues

Both my iMac and iPhone 11 Pro runs on newest developer preview build of the OS. They don't have any issue creating initial connection to RBK852's WPA3 network then randomly drops out the connection.

 

and also, if I remember correctly, WPA3 spec should include backward compatibility to WPA2 devices

Message 3 of 33
FURRYe38
Guru

Re: WPA3 issues

I've only tested WPA3 out for a short while. I didn't see any issues with my iphone. Since thats the only device I have currently that supports it. I changed back to WPA2 and AES. 

 

I would review the spec to see if it's supposed to be back wards compatible or not. WPA2 was not backwards compatible with WPA. WPA2 has two modes, TPIK an AES.  Most router mfrs inplemented a mixed WPA and WPA2 mode setting that allowed WPA and WPA2 devices to connect to the same router at the same time using the different security modes. This is what provides backwards compatibility. Also device Mfrs will need to update there devices as well to support WPA3. 

 

WPA3 is SAE, Simultaneous Authentication of Equals. I see two modes, Personal and Enterprise. 

https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-wpa3-security

 

It will be up to both device Mfr and router mfrs to implement this I presume as we have seen in the past with WPA and WPA2.

 

My Setup (Cable 1Gbps/50Mbps)>CAX80 v2.1.2.1(LAG Disabled)> RBK953(v6.0.3.68) & XR450(v130)
Additional NG HW: C7800/CM1100/CM1200CM2000, Orbi CBK40, CBR750, RBK853 v4.6.3.16(AP) & RBK752 v4.6.5.14, RBK50(v22), SXR30(v110), R7000(v34), R7800(v84), R7960P(v82), EX7500/EX7700, and WNHDE111
Message 4 of 33
schumaku
Guru

Re: WPA3 issues

No hands-on experience with the WiFi 6 Orbi system here, so I can be completely wrong: Suspect the confusion is similar to the Nighthawk AX models wireless security settings - if an AP is configured to WPA3 it does not automatically allow WPA2. The misunderstanding is because WPA3 and WPA2 can be allowed concurrently on each radio, this does not make it backward compatible (as far to often mentioned in the net...).

===

When setting it to "WPA3 (Personal)" it will only allow WPA3 ... no backward compatibility.

 

Set the router to WPA3 (Personal) + WPA2 (AES, Personal) ... this will allow the WPA3 with backward compatibility to WPA2-AES (only, no TKIP, so probably some legacy devices might fail to associate).

===

-> RAX120 WPA3 "Security Setting"?

 

Due to compatibility issues with some WPA3-capable clients, we had to revert from WPA3 to WPA2 (AES, Personal) for a while, too.

Message 5 of 33
FURRYe38
Guru

Re: WPA3 issues

This is the mixed mode I referred to. Once NG implements this on the 850 RBR, then users will have backwards compability. Currently there is no mixed mode, It's either WPA3 stand alone or WPA and WPA2 mixed. NG will need to get WPA, WPA2 and WPA3 mixed modes to play all together for backwards compatibility. 

My Setup (Cable 1Gbps/50Mbps)>CAX80 v2.1.2.1(LAG Disabled)> RBK953(v6.0.3.68) & XR450(v130)
Additional NG HW: C7800/CM1100/CM1200CM2000, Orbi CBK40, CBR750, RBK853 v4.6.3.16(AP) & RBK752 v4.6.5.14, RBK50(v22), SXR30(v110), R7000(v34), R7800(v84), R7960P(v82), EX7500/EX7700, and WNHDE111
Message 6 of 33
schumaku
Guru

Re: WPA3 issues


@FURRYe38 wrote:

Currently there is no mixed mode, It's either WPA3 stand alone or WPA and WPA2 mixed. NG will need to get WPA, WPA2 and WPA3 mixed modes to play all together for backwards compatibility. 


Seriously?!? Oh nooooooo what a *****. Would have checked the fine documentation, however there is still no Orbi (AX) User Manual publisehd.

Message 7 of 33
FURRYe38
Guru

Re: WPA3 issues

Ya, NG is working on it. Future updates should have the full mixed mode. We hope. Smiley Tongue

My Setup (Cable 1Gbps/50Mbps)>CAX80 v2.1.2.1(LAG Disabled)> RBK953(v6.0.3.68) & XR450(v130)
Additional NG HW: C7800/CM1100/CM1200CM2000, Orbi CBK40, CBR750, RBK853 v4.6.3.16(AP) & RBK752 v4.6.5.14, RBK50(v22), SXR30(v110), R7000(v34), R7800(v84), R7960P(v82), EX7500/EX7700, and WNHDE111
Message 8 of 33
schumaku
Guru

Re: WPA3 issues

@FURRYe38  Right away for the official product sales start (not before Nov 1st 2019 in Europe, or Nov 11 2019 in the States) one might hope ...

Message 9 of 33
FURRYe38
Guru

Re: WPA3 issues

 I was wondering why some places are making the 852 available sooner than expected. I presume it's these retail stores that are now selling them before the annouced date? 

My Setup (Cable 1Gbps/50Mbps)>CAX80 v2.1.2.1(LAG Disabled)> RBK953(v6.0.3.68) & XR450(v130)
Additional NG HW: C7800/CM1100/CM1200CM2000, Orbi CBK40, CBR750, RBK853 v4.6.3.16(AP) & RBK752 v4.6.5.14, RBK50(v22), SXR30(v110), R7000(v34), R7800(v84), R7960P(v82), EX7500/EX7700, and WNHDE111
Message 10 of 33
Z42985
Aspirant

Re: WPA3 issues

Oh, no wonder when I selected "WPA2/WPA3-Personal" from the iPhone app during initial setup it kept going back to just "WPA3-Personal" 

The iPhone App lists "WPA2/WPA3-Personal" as an option but then the web UI says "WPA3-Personal [SAE]" with no WPA2/WPA3 option.

Message 11 of 33
FURRYe38
Guru

Re: WPA3 issues

Yes the Orbi app won't be compatible with that setting on the RBR. Hopefully NG will get the mixed security modes going in a future update. Please be patient.

My Setup (Cable 1Gbps/50Mbps)>CAX80 v2.1.2.1(LAG Disabled)> RBK953(v6.0.3.68) & XR450(v130)
Additional NG HW: C7800/CM1100/CM1200CM2000, Orbi CBK40, CBR750, RBK853 v4.6.3.16(AP) & RBK752 v4.6.5.14, RBK50(v22), SXR30(v110), R7000(v34), R7800(v84), R7960P(v82), EX7500/EX7700, and WNHDE111
Message 12 of 33
ErnestTheGreat
NETGEAR Expert

Re: WPA3 issues

@Z42985 the problem with WPA2/WPA3 mixed mode is that there is lot of legacy and even newer wifi clients that have issues with the SSID of AX routers that support this mixed mode so that is probably why the feature was taken out but the app has not cought up yet.  

Message 13 of 33
kickingyourself
Aspirant

Re: WPA3 issues

Product (not included in the dropdown list): RBS850 Orbi Satellite 

Firmware: V3.2.10.11_1.2.12

 

Upgraded firmware on the router and satellite. Both rebooted successfully. I updated the security protocol to WPA3-Personal, and now the satellite no longer appears in the network, not on the app or the UI login screen. Rebooting and resetting has not solved the issue. 

Message 14 of 33
FURRYe38
Guru

Re: WPA3 issues

I just checked mine. Mine was using WPA2 and AES only in AP mode. I first turned off the RBSs, changed to WPA3 and applied the change. I powered on the two RBS one at a time. They both appeared eventually in the RBRs status page as satellites and were connected wirelessly. 


@kickingyourself wrote:

Product (not included in the dropdown list): RBS850 Orbi Satellite 

Firmware: V3.2.10.11_1.2.12

 

Upgraded firmware on the router and satellite. Both rebooted successfully. I updated the security protocol to WPA3-Personal, and now the satellite no longer appears in the network, not on the app or the UI login screen. Rebooting and resetting has not solved the issue. 


 

My Setup (Cable 1Gbps/50Mbps)>CAX80 v2.1.2.1(LAG Disabled)> RBK953(v6.0.3.68) & XR450(v130)
Additional NG HW: C7800/CM1100/CM1200CM2000, Orbi CBK40, CBR750, RBK853 v4.6.3.16(AP) & RBK752 v4.6.5.14, RBK50(v22), SXR30(v110), R7000(v34), R7800(v84), R7960P(v82), EX7500/EX7700, and WNHDE111
Message 15 of 33
AspireTech
Initiate

Re: WPA3 issues

Uugh, wish they would update rbs850 fw to support wpa2/wpa3 mixed mode.  Can't secure the rest of the network on wap3 until they do this.

Message 16 of 33
FURRYe38
Guru

Re: WPA3 issues

I hear ya. 

My Setup (Cable 1Gbps/50Mbps)>CAX80 v2.1.2.1(LAG Disabled)> RBK953(v6.0.3.68) & XR450(v130)
Additional NG HW: C7800/CM1100/CM1200CM2000, Orbi CBK40, CBR750, RBK853 v4.6.3.16(AP) & RBK752 v4.6.5.14, RBK50(v22), SXR30(v110), R7000(v34), R7800(v84), R7960P(v82), EX7500/EX7700, and WNHDE111
Message 17 of 33
homekitGuy
Tutor

Re: WPA3 issues

Does anyone have any update or planned support for "WPA2/WPA3 Transitional" mode for RBK852 — Orbi WiFi 6 System AX6000?

Message 18 of 33
FURRYe38
Guru

Re: WPA3 issues

I haven't heard anything. 

My Setup (Cable 1Gbps/50Mbps)>CAX80 v2.1.2.1(LAG Disabled)> RBK953(v6.0.3.68) & XR450(v130)
Additional NG HW: C7800/CM1100/CM1200CM2000, Orbi CBK40, CBR750, RBK853 v4.6.3.16(AP) & RBK752 v4.6.5.14, RBK50(v22), SXR30(v110), R7000(v34), R7800(v84), R7960P(v82), EX7500/EX7700, and WNHDE111
Message 19 of 33
pkgadd
Apprentice

Re: WPA3 issues

The problem with WPA2+WPA3 mixed mode is less with the AP (respectively the orbi in this case), but with clients simply not working correctly with such a network. Especially Apple- but also some Android 10 devices simply don't connect in this configuration (they can connect to a pure WPA3 network or a pure WPA2 network), fixing this will probably have to be done on the client side (in other words, it's not likely to happen). Netgear probably disabled mixed mode to ease their support burden, as it affects the most common wireless devices around.

 

Are there alternatives to mixed mode? Technically yes, the hardware should be able to run multiple AP interfaces (VAP) on the same radio, so one dedicated network for WPA2 and another for WPA3, with different ESSID (similar to the guest mode, just with different routing/ filtering semantics) and PSK settings. This would work, but it's obviously not the prettiest solution and quite prone to user confusion (why do I need to select two different ESSIDs and PSKs for my single network - which network do I need to connect to).

Message 20 of 33
homekitGuy
Tutor

Re: WPA3 issues

Interesting perspective but can see how hobbling the device to reduce support impact is a business decision. I was reading a recent Apple support doc (they use the term transition mode) and how to activate (WPA2/3) mode for greater security. Perhaps the mixed mode isn't such a big deal??
Message 21 of 33
FURRYe38
Guru

Re: WPA3 issues

I got information from NG, Seems to echo what you mentioned about clients being the problem. They said there is new data streams in the beacon standard when WPA3 is enabled, that older wifi drivers on the client side can't seem to decode this correctly correctly. This is someting that NG and probably all other wifi router mfrs have no control over. Seems this is a problem industry wide on the client side which the client side HW mfrs will have to bring updates too. NG can't give any time frame on any other fixes or information on WPA3. 

 

I presume WPA3 is still in development and needs some growth time from the development group who over sees the WPA seucity core code. They and the all the client side HW developers will need to get this all figured out. Probably will take time so seeing mixed mode and or any kind of full backward compatibility with client side HW will be in the future I hope. I presume some mfrs may not update any legacy devices as well. 

 

For now, WPA2 and AES is best for most current wifi devices for best compatibility. 


@pkgadd wrote:

The problem with WPA2+WPA3 mixed mode is less with the AP (respectively the orbi in this case), but with clients simply not working correctly with such a network. Especially Apple- but also some Android 10 devices simply don't connect in this configuration (they can connect to a pure WPA3 network or a pure WPA2 network), fixing this will probably have to be done on the client side (in other words, it's not likely to happen). Netgear probably disabled mixed mode to ease their support burden, as it affects the most common wireless devices around.

 

Are there alternatives to mixed mode? Technically yes, the hardware should be able to run multiple AP interfaces (VAP) on the same radio, so one dedicated network for WPA2 and another for WPA3, with different ESSID (similar to the guest mode, just with different routing/ filtering semantics) and PSK settings. This would work, but it's obviously not the prettiest solution and quite prone to user confusion (why do I need to select two different ESSIDs and PSKs for my single network - which network do I need to connect to).


 

My Setup (Cable 1Gbps/50Mbps)>CAX80 v2.1.2.1(LAG Disabled)> RBK953(v6.0.3.68) & XR450(v130)
Additional NG HW: C7800/CM1100/CM1200CM2000, Orbi CBK40, CBR750, RBK853 v4.6.3.16(AP) & RBK752 v4.6.5.14, RBK50(v22), SXR30(v110), R7000(v34), R7800(v84), R7960P(v82), EX7500/EX7700, and WNHDE111
Message 22 of 33
Retired_Member
Not applicable

Re: WPA3 issues

Eero doesn't seem to have an issue running WPA2/WPA3 concurrently. All of my older IoT-type devices connected fine with it. Rather disappointed that, especially for the price, the RBR850 doesn't support it.

 

 

Hardware Version: RBR850
Firmware Version: V3.2.16.6_1.4.4
GUI Language Version: V3.0.0.49_2.1.30.3

Message 23 of 33
schumaku
Guru

Re: WPA3 issues

@ErnestTheGreat Can't Netgear consider to allow the transitioning WPA2/WPA3 mode again

Message 24 of 33
ErnestTheGreat
NETGEAR Expert

Re: WPA3 issues

Hi @schumaku,

 

The issue as I remember with WPA2/WPA3 was more on the client-side of things than AP so to avoid issues for customers it was removed. A lot of the Samsung Galaxy S devices had an issue with using the WPA2/WPA3 feature and so did many other clients which is why it was removed. As far as bringing back the WPA2/WPA3 feature goes I can't comment on that since that is something that the Netgear Product Line Mangers need to decide on.

 

 

Message 25 of 33
Top Contributors
Discussion stats
  • 32 replies
  • 9659 views
  • 7 kudos
  • 12 in conversation
Announcements

Orbi WiFi 6E